cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Strange error when making call
Date Mon, 27 Feb 2017 11:40:33 GMT
The CryptoCoverageChecker should be added to the in interceptor list, not
the out interceptor list, as its job is to verify that incoming message
parts were signed/encrypted. I'll fix the NPE.

Colm.

On Thu, Feb 23, 2017 at 9:08 PM, Morein, Arnie <Arnold.Morein@dps.texas.gov>
wrote:

> Can someone translate this into plain English? After much grief, a call is
> going out, but the response may be invalid? Or maybe I don't have the
> interceptors configured properly?
>
> Feb23 14:55:26.546 WARN [PhaseInterceptorChain         ][::] - Interceptor
> for {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://
> aamva.org/authentication/3.1.0}Authenticate has thrown exception,
> unwinding now
> java.lang.NullPointerException: null
>         at org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.
> handleMessage(CryptoCoverageChecker.java:140) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.
> handleMessage(CryptoCoverageChecker.java:61) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
> [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy55.authenticate(Unknown Source) [na:na]
>         at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:188)
> [VlsBusiness.class:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.8.0_40]
>         at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62) ~[na:1.8.0_40]
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_40]
>         at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_40]
> ...
> Feb23 14:55:26.558 ERROR[VlsBusiness                   ][::] - There was a
> problem authenticating to the AAMVA Authentication Service:
> javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault
> code, not set
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:161)
>         at com.sun.proxy.$Proxy55.authenticate(Unknown Source)
>
> These are the values I'm setting on the PORT:
>
> // configure ws-security
> Properties crytoProperties = new Properties();
>
> crytoProperties.put(SecurityConstants.TIMESTAMP_FUTURE_TTL, "120");
>
> crytoProperties.put(SecurityConstants.SIGNATURE_PROPERTIES,
> WSS4J_PROPERTIES);
> crytoProperties.put(SecurityConstants.SIGNATURE_USERNAME,
> KEYSTORE_KEY_ALIAS);
>
> crytoProperties.put(SecurityConstants.ENCRYPT_PROPERTIES,
> WSS4J_PROPERTIES);
> crytoProperties.put(SecurityConstants.ENCRYPT_USERNAME,
> KEYSTORE_KEY_ALIAS);
>
> crytoProperties.put(SecurityConstants.CALLBACK_HANDLER,
>                 txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.
> class.getName());
>
> Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
> Enumeration<?> e = crytoProperties.propertyNames();
> while (e.hasMoreElements()) {
>         String key = (String) e.nextElement();
>         ctx.put(key, crytoProperties.get(key));
> }
>
> Bus bus = BusFactory.newInstance().createBus();
> STSClient stsClient = new STSClient(bus);
> Map<String, Object> stsProps = stsClient.getProperties();
> stsProps.put(SecurityConstants.ENCRYPT_PROPERTIES, WSS4J_PROPERTIES);
> stsProps.put(SecurityConstants.ENCRYPT_USERNAME, KEYSTORE_KEY_ALIAS);
>
> stsProps.put(SecurityConstants.SIGNATURE_PROPERTIES, WSS4J_PROPERTIES);
> stsProps.put(SecurityConstants.SIGNATURE_USERNAME, KEYSTORE_KEY_ALIAS);
>
> stsProps.put(SecurityConstants.STS_TOKEN_USERNAME, KEYSTORE_KEY_ALIAS);
> stsProps.put(SecurityConstants.STS_TOKEN_PROPERTIES, WSS4J_PROPERTIES);
> stsProps.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
>
> ctx.put(SecurityConstants.STS_CLIENT, stsClient);
>
> // create properties for interceptors
> HashMap<String, Object> inProps = new HashMap<String, Object>();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " "
> + WSHandlerConstants.SIGNATURE
>                 + " " + WSHandlerConstants.ENCRYPT);
> inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>                 txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.
> class.getName());
>
> inProps.put(WSHandlerConstants.USER, KEYSTORE_KEY_ALIAS);
>
> inProps.put(WSHandlerConstants.SIGNATURE_USER, KEYSTORE_KEY_ALIAS);
> inProps.put(WSHandlerConstants.SIG_PROP_FILE, WSS4J_PROPERTIES);
>
> inProps.put(WSHandlerConstants.ENCRYPTION_USER, KEYSTORE_KEY_ALIAS);
> inProps.put(WSHandlerConstants.ENC_PROP_FILE, WSS4J_PROPERTIES);
>
> HashMap<String, Object> outProps = new HashMap<String, Object>();
> outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " "
>                 + WSHandlerConstants.SIGNATURE
>                 + " " + WSHandlerConstants.ENCRYPT);
> outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>                 txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.
> class.getName());
>
> outProps.put(WSHandlerConstants.USER, KEYSTORE_KEY_ALIAS);
>
> outProps.put(WSHandlerConstants.SIGNATURE_USER, KEYSTORE_KEY_ALIAS);
> outProps.put(WSHandlerConstants.SIG_PROP_FILE, WSS4J_PROPERTIES);
>
> outProps.put(WSHandlerConstants.ENCRYPTION_USER, KEYSTORE_KEY_ALIAS);
> outProps.put(WSHandlerConstants.ENC_PROP_FILE, WSS4J_PROPERTIES);
>
> DefaultCryptoCoverageChecker coverageChecker = new
> DefaultCryptoCoverageChecker();
> coverageChecker.setEncryptBody(true);
> coverageChecker.setEncryptUsernameToken(true);
> coverageChecker.setSignAddressingHeaders(true);
> coverageChecker.setSignBody(true);
> coverageChecker.setSignTimestamp(true);
> coverageChecker.setSignUsernameToken(true);
>
> // activate ws-security
> org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
> org.apache.cxf.endpoint.Endpoint endpoint = client.getEndpoint();
>
> endpoint.getInInterceptors().add(new SCTInInterceptor());
> endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
> endpoint.getInInterceptors().add(new LoggingInInterceptor());
>
> endpoint.getOutInterceptors().add(new SCTOutInterceptor());
> endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
> endpoint.getOutInterceptors().add(new LoggingOutInterceptor());
> endpoint.getOutInterceptors().add(coverageChecker);
>
> // enable TLS
> HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
> HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
> httpClientPolicy.setConnectionTimeout(36000);
> httpClientPolicy.setAllowChunking(false);
> httpClientPolicy.setReceiveTimeout(32000);
>
> KeyStore trustStore = KeyStore.getInstance("JKS");
> URL truststoreUrl = Thread.currentThread().getContextClassLoader().
> getResource(KEYSTORE_FILE);
> trustStore.load(truststoreUrl.openStream(), KEYSTORE_PASSWORD.toCharArray(
> ));
>
> TrustManagerFactory trustFactory = TrustManagerFactory
>                 .getInstance(TrustManagerFactory.getDefaultAlgorithm());
> trustFactory.init(trustStore);
>
> TLSClientParameters tlsParams = new TLSClientParameters();
> List<String> cipherSuites = new ArrayList<String>();
> cipherSuites.add("SHA1withRSA");
> tlsParams.setCipherSuites(cipherSuites);
> tlsParams.setDisableCNCheck(true);
> tlsParams.setSecureSocketProtocol("TLSv1.2"); // TLSv1 TLSv1.1 TLSv1.2
> tlsParams.setTrustManagers(trustFactory.getTrustManagers());
>
> httpConduit.setTlsClientParameters(tlsParams);
> httpConduit.setClient(httpClientPolicy);
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
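
The wiring change described in the reply above, as an added example that is not part of the original thread or of the CXF project's own code. The class and method names are hypothetical, `inProps` and `outProps` stand for the maps built in the quoted message, and which parts the checker requires is an assumption about what the service's response carries.

```java
import java.util.Map;

import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;

/** Hypothetical helper; the name is an assumption, not a CXF class. */
public final class CoverageCheckerWiring {

    private CoverageCheckerWiring() { }

    /** Attaches WS-Security interceptors to a JAX-WS client proxy. */
    public static Client secure(Object port,
                                Map<String, Object> inProps,
                                Map<String, Object> outProps) {
        Client client = ClientProxy.getClient(port);
        Endpoint endpoint = client.getEndpoint();

        // Outbound chain: WSS4J applies timestamp, signature and encryption
        // to the request. A coverage checker has nothing to verify here.
        endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));

        // Remove a checker that earlier setup code put on the out chain
        // (the misplacement from the quoted message).
        endpoint.getOutInterceptors()
                .removeIf(i -> i instanceof CryptoCoverageChecker);

        // Inbound chain: WSS4J validates the response's security header.
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));

        // The checker then verifies that the required parts of the incoming
        // message were signed/encrypted, so it belongs on the in chain.
        // Assumption: the response signs Body and Timestamp and encrypts
        // the Body; require only what the service really returns.
        DefaultCryptoCoverageChecker checker = new DefaultCryptoCoverageChecker();
        checker.setSignBody(true);
        checker.setSignTimestamp(true);
        checker.setEncryptBody(true);
        endpoint.getInInterceptors().add(checker);

        return client;
    }
}
```

With the checker on the in chain, a response whose required parts are unsigned or unencrypted is rejected with a fault instead of reaching application code.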
